DETAILED ACTION

This Office Action is in response to patent application S/N: 09/586,671, filed on 
June 01, 2000. Claims 1-36 are pending in the action.

Drawings 

Formal drawings filed on 06/01/2000 are acceptable for examination. 

Claim Rejections - 35 USC § 112

Claims 1-36 are rejected under 35 U.S.C. 112, first paragraph, as based on a
disclosure which is not enabling. The present application discloses a plurality of
emulation extensions but does not provide a clear description for emulation extension.
What is the emulation extension in the present context? Why is the emulation extension
needed, and how do the extensions relate to the emulator? Such features are critical and
essential to the practice of the invention to make the disclosure enabling.

Claim Rejections - 35 USC § 103 

1. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

2. Claims 1-36 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Bond et al, US patent no. 6,275,938 B1.

As per claim 1, Bond discloses a method and system for security enhancement
of untrusted code execution with feature limitations very similar to the claimed invention.
According to Bond, the method for enhancement of security of suspect code execution
includes steps

Receiving the suspect code for execution (col. 5, lines 5-33),

Loading the suspect code into an emulation buffer (Fig. 4) within a data space of 
a computer system, 

Loading a first emulation extension into the emulator, wherein the emulator 
extension including program instruction to emulate suspect code in order to detect a
computer virus or malicious software (col. 6, lines 24-52), 

Performing an emulation using the first emulation extension and the suspect 
code, the emulation being performed within an insulated environment in the computer 
system (Figs 2, 3, col. 6, line 53 to col. 7, line 5) so that the computer system is 
insulated from malicious actions of the suspect code, and detecting and preventing the 
system from executing programs containing untrusted code (Field of the Invention). 
Bond does not expressly disclose the claimed feature of exhibit malicious behavior of 
the suspect code execution. 

It would have been obvious for those skilled in the art at the time the invention
was made to realize that the security enhancement in Bond above implies the claimed
feature of malicious behaviour because the security program in Bond is to enhance
security for program execution by preventing security breaches (col. 2, lines 7-14, for
example) or uncertainty provenance or effects (col. 4, lines 54-57) due to execution of
untrusted codes. In other words, the security enhancement program in Bond is to
detect malicious behavior of the suspect code execution in the system.

As per claims 2 and 4, Bond discloses step of performing the emulation includes
emulating the program instructions that comprise the emulation extension. 

As per claim 3, due to the similarity of claim 3 to claim 1 above, and the security 
enhancement in Bond above implies the claimed feature of malicious behaviour 
because the security program in Bond is to enhance program execution by preventing 
security breaches (col. 2, lines 7-14, for example) or uncertainty provenance or effects 
(col. 4, lines 54-57). In other words, the security enhancement program in Bond is to 
detect malicious behavior of the suspect code execution in the system. 

As per claim 5, Bond discloses emulating the suspect code prior to loading the 
emulation extension into the emulator buffer (col. 4, lines 39-57, col. 5, lines 23-33). 

As per claim 6, Bond discloses the claimed limitations for detecting and 
preventing malicious codes or security breach in execution of the suspect code. 

As per claim 7, Bond discloses a plurality of emulation extension for detecting 
malicious or virus code. This would imply the claimed limitation of resolving conflict. 

As per claims 8-12, Bond discloses the claimed limitations for detecting and 
preventing malicious codes or security breach to resolve conflict and uncertainty 
provenance of program execution. 

As per claim 13, Bond discloses a method, a system and a computer readable 
medium storing instructions for enhancing security of suspect code execution or 
untrusted executable code with feature limitations very similar to the claimed invention. 
According to Bond, the computer readable medium for enhancement of code execution 
includes means for performing steps

Receiving the suspect code for execution (col. 5, lines 5-33),

Means for loading the suspect code into an emulation buffer (Fig. 4) within a data 
space of a computer system, 

Loading a first emulation extension into the emulator, wherein the emulator 
extension including program instruction to emulate suspect code in order to detect a 
computer virus or malicious software (col. 6, lines 24-52), 

Performing an emulation using the first emulation extension and the suspect 
code, the emulation being performed within an insulated environment in the computer 
system (Figs 2, 3, col. 6, line 53 to col. 7, line 5) so that the computer system is 
insulated from malicious actions of the suspect code, and detecting and preventing the 
system from executing programs containing untrusted code (Field of the Invention). 
Bond does not expressly disclose the claimed feature of exhibit malicious behavior of 
the suspect code execution. 

It would have been obvious for those skilled in the art at the time the invention
was made to realize that the security enhancement in Bond above implies the claimed
feature of malicious behaviour because the security program in Bond is to enhance 
program execution by preventing security breaches (col. 2, lines 7-14, for example). In 
other words, the security enhancement program in Bond is to detect and prevent 
malicious behavior of the suspect code execution in the system. 

As per claims 14 and 16, Bond discloses step of performing the emulation 
includes emulating the program instructions that comprise the emulation extension.

As per claim 15, due to the similarity of claim 3 to claim 1 above, and the security
enhancement for program code execution in Bond above implies the claimed feature of 
malicious behavior because the security program in Bond is to enhance program 
execution by preventing security breaches (col. 2, lines 7-14, for example), uncertainty 
provenance or effects (col. 4, lines 54-57). In other words, the security enhancement 
program in Bond is to detect malicious behavior of the suspect code execution in the 
system and malicious code extent. 

As per claim 17, Bond discloses emulating the suspect code prior to loading the 
emulation extension into the emulator buffer (col. 4, lines 39-57, col. 5, lines 23-33). 

As per claims 18-24, Bond discloses the claimed limitations for detecting and 
preventing malicious codes or security breach in execution of the suspect code. 

As per claim 25, Bond discloses a method and a system for security 
enhancement of untrusted code execution with feature limitations very similar to the 
claimed invention. According to Bond, the system for security enhancement of 
suspect code execution includes means: 

Receiving the suspect code for execution (col. 5, lines 5-33),

Loading the suspect code into an emulation buffer (Fig. 4) within a data space of 
a computer system, 

Loading a first emulation extension into the emulator, wherein the emulator 
extension including program instruction to emulate suspect code in order to detect a 
computer virus or malicious software (col. 6, lines 24-52),

Performing an emulation using the first emulation extension and the suspect
code, the emulation being performed within an insulated environment in the computer 
system (Figs 2, 3, col. 6, line 53 to col. 7, line 5) so that the computer system is 
insulated from malicious actions of the suspect code, and detecting and preventing the 
system from executing programs containing untrusted code (Field of the Invention). 
Bond does not expressly disclose the claimed feature of exhibit malicious behavior of 
the suspect code execution. 

It would have been obvious for those skilled in the art at the time the invention
was made to realize that the security enhancement in Bond above implies the claimed
feature of malicious behaviour because the security program execution in Bond is to 
enhance program execution by preventing security breaches (col. 2, lines 7-14, for 
example). In other words, the security enhancement program in Bond is to detect 
malicious behavior of the suspect code execution in the system. 

As per claims 26 and 28, Bond discloses step of performing the emulation 
includes emulating the program instructions that comprise the emulation extension as 
claimed. 

As per claim 27, due to the similarity of claim 27 to claim 25 above, and the 
security enhancement in Bond above implies the claimed feature of malicious behaviour 
because the security program in Bond is to enhance program execution by preventing 
security breaches (col. 2, lines 7-14, for example) or uncertainty provenance or effects 
(col. 4, lines 54-57). In other words, the security enhancement program in Bond is to 
detect malicious behavior of the suspect code execution in the system.

As per claim 29, Bond discloses emulating the suspect code prior to loading the
emulation extension into the emulator buffer (col. 4, lines 39-57, col. 5, lines 23-33). 

As per claim 30, Bond discloses the claimed limitations for detecting and 
preventing malicious codes or security breach in execution of the suspect code. 

As per claim 31, Bond discloses a plurality of emulation extension for detecting
malicious or virus code (Figs. 2-4). This would imply the claimed limitation of resolving 
conflict. 

As per claims 32-36, Bond discloses the claimed limitations for detecting and 
preventing malicious codes or security breach to resolve conflict and uncertainty 
provenance of program execution. 

Conclusion 

1. The prior art made of record and not relied upon is considered pertinent to
applicant's disclosure. 

1. US patent no. 5,619,698, issued to Lilich et al, on Apr. 1997 

2. US patent no. 6,014,702, issued to King et al, on Jan. 2000 

3. US patent no. 6,035,405, issued to Gage et al, on Mar. 2000 

4. US patent no. 6,112,304, issued to Clawson, James, on Aug. 2000

5. US patent application no. US 2003/0177485 A1, issued to Waldin et al, on Sept.
2003

2. Any inquiry concerning this communication or earlier communications from the
examiner should be directed to Thai Q. Phan whose telephone number is 703-305-3812.
If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Jean Homere can be reached on 703-308-6647. The fax phone number for
the organization where this application or proceeding is assigned is 703-872-9306.

3. Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 

Sept. 28, 2004

Thai Phan
Patent Examiner
Art Unit 2128